summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Makefile.am11
-rw-r--r--src/db/sysdb_ops.c2
-rw-r--r--src/responder/pam/pam_LOCAL_domain.c2
-rw-r--r--src/util/crypto/libcrypto/crypto_sha512crypt.c (renamed from src/util/crypto_sha512crypt.c)1
-rw-r--r--src/util/crypto/nss/nss_sha512crypt.c (renamed from src/util/nss_sha512crypt.c)49
-rw-r--r--src/util/crypto/nss/nss_util.c74
-rw-r--r--src/util/crypto/nss/nss_util.h27
-rw-r--r--src/util/crypto/sss_crypto.h (renamed from src/util/sha512crypt.h)0
8 files changed, 119 insertions, 47 deletions
diff --git a/Makefile.am b/Makefile.am
index 4d8467c68..b0e04b5d5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -117,11 +117,12 @@ noinst_LTLIBRARIES = \
libsss_crypt.la
if HAVE_NSS
- SSS_CRYPT_SOURCES = src/util/nss_sha512crypt.c
+ SSS_CRYPT_SOURCES = src/util/crypto/nss/nss_sha512crypt.c \
+ src/util/crypto/nss/nss_util.c
SSS_CRYPT_CFLAGS = $(NSS_CFLAGS)
SSS_CRYPT_LIBS = $(NSS_LIBS)
else
- SSS_CRYPT_SOURCES = src/util/crypto_sha512crypt.c
+ SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_sha512crypt.c
SSS_CRYPT_CFLAGS = $(CRYPTO_CFLAGS)
SSS_CRYPT_LIBS = $(CRYPTO_LIBS)
endif
@@ -296,7 +297,7 @@ endif
dist_noinst_HEADERS = \
src/monitor/monitor.h \
- src/util/sha512crypt.h \
+ src/util/crypto/sss_crypto.h \
src/util/dlinklist.h \
src/util/util.h \
src/util/strtonum.h \
@@ -350,6 +351,10 @@ dist_noinst_HEADERS = \
src/resolv/ares/ares_data.h \
src/tests/common.h
+if HAVE_NSS
+ dist_noinst_HEADERS += src/util/crypto/nss/nss_util.h
+endif
+
####################
# Program Binaries #
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index d86c35d6c..017f8ebce 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -21,7 +21,7 @@
#include "util/util.h"
#include "db/sysdb_private.h"
-#include "util/sha512crypt.h"
+#include "util/crypto/sss_crypto.h"
#include <time.h>
static int add_string(struct ldb_message *msg, int flags,
diff --git a/src/responder/pam/pam_LOCAL_domain.c b/src/responder/pam/pam_LOCAL_domain.c
index d6c532e01..0df9499dd 100644
--- a/src/responder/pam/pam_LOCAL_domain.c
+++ b/src/responder/pam/pam_LOCAL_domain.c
@@ -24,7 +24,7 @@
#include "util/util.h"
#include "db/sysdb.h"
-#include "util/sha512crypt.h"
+#include "util/crypto/sss_crypto.h"
#include "providers/data_provider.h"
#include "responder/pam/pamsrv.h"
diff --git a/src/util/crypto_sha512crypt.c b/src/util/crypto/libcrypto/crypto_sha512crypt.c
index 9cd03a1e1..29900cc9c 100644
--- a/src/util/crypto_sha512crypt.c
+++ b/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -379,4 +379,3 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt)
return EOK;
}
-
diff --git a/src/util/nss_sha512crypt.c b/src/util/crypto/nss/nss_sha512crypt.c
index 8ba16d4aa..514e4d9a3 100644
--- a/src/util/nss_sha512crypt.c
+++ b/src/util/crypto/nss/nss_sha512crypt.c
@@ -21,41 +21,13 @@
#include <sys/types.h>
#include "util/util.h"
+#include "util/crypto/nss/nss_util.h"
#include <prinit.h>
#include <nss.h>
#include <sechash.h>
#include <pk11func.h>
-static int nspr_nss_init_done = 0;
-
-static int nspr_nss_init(void)
-{
- int ret;
- PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
- ret = NSS_NoDB_Init(NULL);
- if (ret != SECSuccess) {
- return ret;
- }
- nspr_nss_init_done = 1;
- return 0;
-}
-
-/* added for completness, so far not used */
-#if 0
-static int nspr_nss_cleanup(void)
-{
- int ret;
- ret = NSS_Shutdown();
- if (ret != SECSuccess) {
- return ret;
- }
- PR_Cleanup();
- nspr_nss_init_done = 0;
- return 0;
-}
-#endif
-
/* Define our magic string to mark salt for SHA512 "encryption" replacement. */
const char sha512_salt_prefix[] = "$6$";
#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
@@ -153,12 +125,10 @@ static int sha512_crypt_r(const char *key,
salt = copied_salt = memcpy(tmp + ALIGN64 - PTR_2_INT(tmp) % ALIGN64, salt, salt_len);
}
- if (!nspr_nss_init_done) {
- ret = nspr_nss_init();
- if (ret != SECSuccess) {
- ret = EIO;
- goto done;
- }
+ ret = nspr_nss_init();
+ if (ret != EOK) {
+ ret = EIO;
+ goto done;
}
ctx = HASH_Create(HASH_AlgSHA512);
@@ -387,11 +357,9 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt)
size_t slen;
int ret;
- if (!nspr_nss_init_done) {
- ret = nspr_nss_init();
- if (ret != SECSuccess) {
- return EIO;
- }
+ ret = nspr_nss_init();
+ if (ret != EOK) {
+ return EIO;
}
salt = talloc_size(memctx, SALT_LEN_MAX + 1);
@@ -416,4 +384,3 @@ int s3crypt_gen_salt(TALLOC_CTX *memctx, char **_salt)
return EOK;
}
-
diff --git a/src/util/crypto/nss/nss_util.c b/src/util/crypto/nss/nss_util.c
new file mode 100644
index 000000000..59390eb96
--- /dev/null
+++ b/src/util/crypto/nss/nss_util.c
@@ -0,0 +1,74 @@
+/*
+ SSSD
+
+ NSS crypto wrappers
+
+ Authors:
+ Sumit Bose <sbose@redhat.com>
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) Red Hat, Inc 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "config.h"
+
+#include <prinit.h>
+#include <prerror.h>
+#include <nss.h>
+#include <pk11func.h>
+
+#include "util/util.h"
+
+static int nspr_nss_init_done = 0;
+
+int nspr_nss_init(void)
+{
+ SECStatus sret;
+
+ /* nothing to do */
+ if (nspr_nss_init_done == 1) return SECSuccess;
+
+ PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
+
+ sret = NSS_NoDB_Init(NULL);
+ if (sret != SECSuccess) {
+ DEBUG(1, ("Error initializing connection to NSS [%d]\n",
+ PR_GetError()));
+ return EIO;
+ }
+
+ nspr_nss_init_done = 1;
+ return EOK;
+}
+
+int nspr_nss_cleanup(void)
+{
+ SECStatus sret;
+
+ /* nothing to do */
+ if (nspr_nss_init_done == 0) return SECSuccess;
+
+ sret = NSS_Shutdown();
+ if (sret != SECSuccess) {
+ DEBUG(1, ("Error shutting down connection to NSS [%d]\n",
+ PR_GetError()));
+ return EIO;
+ }
+
+ PR_Cleanup();
+ nspr_nss_init_done = 0;
+ return EOK;
+}
diff --git a/src/util/crypto/nss/nss_util.h b/src/util/crypto/nss/nss_util.h
new file mode 100644
index 000000000..7387b9a7e
--- /dev/null
+++ b/src/util/crypto/nss/nss_util.h
@@ -0,0 +1,27 @@
+/*
+ SSSD
+
+ NSS crypto wrappers
+
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) Red Hat, Inc 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+int nspr_nss_init(void);
+int nspr_nss_cleanup(void);
diff --git a/src/util/sha512crypt.h b/src/util/crypto/sss_crypto.h
index 5512c5d96..5512c5d96 100644
--- a/src/util/sha512crypt.h
+++ b/src/util/crypto/sss_crypto.h